 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.112907 |
| Categoría: | Web application abuses |
| Título: | Symfony 5.3.x < 5.3.2 Incorrect Authentication Vulnerability (GHSA-rfcf-m67m-jcrq) |
| Resumen: | Symfony is prone to an incorrect authentication vulnerability. |
| Descripción: | Summary: Symfony is prone to an incorrect authentication vulnerability. Vulnerability Insight: When an application defines multiple firewalls, the authenticated token delivered by one of the firewalls is available to all other firewalls. This can be abused when the application defines different providers for different parts of an application. In such a situation, a user authenticated on one part of the application is considered authenticated on the whole application. Affected Software/OS: Symfony version 5.3.x before 5.3.2. Solution: Update to version 5.3.2 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-32693 https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129 https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |